Drupal Feeds

Drupal 8 allows you to generate image styles for various effects (reduction, cut-out, black-and-white, saturation, etc.) for each uploaded image. You can very quickly have many images styles, and even more if you use responsive images, allowing to propose different dimensions according to the terminal used to consult your website.

For a recent project, I needed to use the popular Bootstrap theme, using the Sass starterkit for easy CSS management.

The project is hosted on Acquia Cloud, and the quickest way to start a new Drupal project that deploys to Acquia Cloud is to use BLT (a tool for Building, Testing, and Launching Drupal sites). BLT is an automation framework for running and building Drupal sites locally (it even integrates with Drupal VM!), and it is able to test, build, and deploy code on Acquia Cloud.

Tags: acquia drupal planet

The Horizons track at DrupalCon, as the name suggests, challenges us to explore what’s on the horizon of web- and internet-based technology, and how Drupal can enable software developers to pursue and meet these new challenges.

We asked around a bit and gathered a list of suggested topics—emerging or new technologies—that you as Drupal developers and agencies are creating solutions for and exploring as new market opportunities.

This conversation with Beth Tucker Long (@e3bethtl) is the one of a series of interviews Campbell Vertesi (@CampbellVertesi) and I carried out in preparation for DrupalCon Asia in Mumbai. Now, we're sharing all the good stuff we captured but didn’t have time to cover in 40 minutes in Mumbai.

Our session, Meet PHP-FIG: Your community just got a whole lot bigger, Drupal is about Drupal 8’s membership in the new, interoperable PHP community. We’re covering the basics of what the PHP Framework Interoperability Group (PHP-FIG) is, what the various PSRs are and do, talk about testing and dependency management, and what it means to be a part of the new PHP community — including having better architecture, cleaner code, and more interoperability. All of this adds up to a big move to get projects “off their islands,” saving developers a lot of code, and companies a lot of money, among other benefits.

I apologize for the poor audio quality in this recording and hope the quality of the conversation makes up for it.

Selected quotes from this conversation with Beth Tucker Long:

"All right. Hello, Drupal. My name is Beth Tucker-Long, and I am so excited that Drupal 8 is out. Way to go! We’re very proud of you. I am really excited about Drupal 8 because it represents so much community involvement, working together. I’m so excited that we have so many big projects from the PHP side of things and the Drupal side of things working together, and I just can’t wait to see, with all this brainpower that we have merged into this project, where we go from here."

“I really love the fact that now we can say, “Hey, we are all PHP developers, and these are the technologies that we use to help us, and as PHP developers, we are putting forth these standards, so we can all work together and not be so splintered.” That was my main motivation for supporting FIG.”

"As long as we, as a community, are encouraging new developers to be FIG-compliant as they come into it, non-FIG-compliant code is going to start looking like old legacy code."

"So, writing a quick and dirty thing 10 times is going to take longer than writing it the right way once and being able to reuse it."

Guest dossier
Interview video - 27 min.

Full conversation transcript

jam: We are Campbell Vertesi ... My name is Jam. I work for Acquia. My title is Evangelist and I’m in Developer Relations. We have a special guest today. Would you like to introduce yourself?

Beth: I am Beth Tucker-Long, and I am an independent consultant working with PHP. I do work with Drupal on a number of my projects and lots of other things, because as a consultant, I work on whatever you’ll pay me to work on, so ... the life of a consultant.

jam: Right. Over the last however many years it’s been, you were actually, in a way, at the center of what I like to call the PHP Renaissance, so you were definitely a keen observer of this coming together of all these different PHP technologies from being very disparate, siloed implementations of the language back to being something like community. I’m thinking particularly of your role at php[architect].

Beth: Yes. I worked at php[architect] for seven years. I was involved in Tek when PHP-FIG was started at php[tek], and it was a very exciting time. Also, I was doing consulting then as well, so it’s an exciting time for me as well because having to work with all these disparate technologies that did not work well with each other at all was frustrating, and now it is becoming a much happier place for people to work together.

Campbell: One of the things that we’ve talked about with some of the other people is exactly what you say, that consultants for a lot of developers out there, we have to be able to jump between different technology stacks, between different frameworks. This “FIG era” makes it a lot easier for that. Was that a founding motivation for you to get involved in this, or were there other things behind it? What do you think is the best benefit that made you wanted to get involved in PHP-FIG?

Beth: Sure. I should clarify. I’m not directly involved in PHP-FIG because I’m not a project owner. I am just a big supporter of what FIG is trying to do and a big encourager of trying to get other people who are project owners involved in FIG and encouraging a few people to follow the standards that FIG is setting forward. As a consultant, I have seen so many different people’s code, and I have tried to work to get so many different people’s code to work together and without any standards ... It was a very frustrating time, shall we say. So many people and so many projects had this pride of, “Well, you can obviously tell people are working on my project, because their code looks like this.” While that is a neat thing to be able to say, “My code looks different from everyone else’s because I am an ex-application developer,” it makes it really hard for anyone who has to come in and work with your code who is not familiar with that, or who has to try to get your code to talk to somebody else’s code. So, I really love the fact that now we can say, “Hey, we are all PHP developers, and these are the technologies that we use to help us, and as PHP developers, we are putting forth these standards, so we can all work together and not be so splintered.” That was my main motivation for supporting FIG.

jam: It makes us much more efficient developers. Not only can we reuse a lot more good supported code but once we’ve learned a set of principles as long as whatever else we want to work with is meeting PSR standards, for example, then we can probably jump right in to them and get to work.

Beth: Definitely, even projects that don’t support the FIG standards yet. I think it still makes things easier as a whole because so many projects are becoming more open to working with other projects so even if they haven’t necessarily gotten all of the standards, at least projects are now aware that people want them to work together and so the development that’s happening moving forward, even if it’s not officially FIG-compliant, seems to be supporting the mindset of “We need to work together,” and “I want my code to be reusable in other places and easy to be reused.” Even if projects aren’t necessarily on board with FIG, I feel that just the landscape mentality has changed as a whole to something more positive because of the work that FIG has been doing.

jam: So, set the scene. You were probably even a co-organizer. You were at php[tek] when late one night, I don’t know how many people had this crazy idea. In German, we might call it a “Schnappsidee,” which is the kind of idea you have when you’re having schnapps. Like, “Well we need to ... this all needs to ... let’s make a standards group, let’s see.” You were there, right? Set the scene. How was that? What was going on?

Beth: Actually, I was working at that time. So I was in the building but not in the room when it happened but the stories that I’ve heard. A dark, hazy room with lots of alcohol and lots of cheering and yes. You know? Like all great ideas are born, right?

jam: Yes. So, Cal Evans told me that the people that were in the room thought it was a great idea and put this thing together and then there was a lot of hate. What happened next?

Beth: Yes, there was a lot of hate afterwards. I feel that with most landscape-changing decisions ... as a species, we really dislike change. So, anytime there’s something new, there’s always resistance. This was a really big shift in mentality, and there was a lot of animosity about, “Who do these people think they are telling me I have to conform to the standards they think are best?” There was a lot of, “I’m fine if we all get along as long as we’re doing my standard, not yours.” So, right away, the animosity I felt at least was not necessarily towards the idea of standardizing and working together, which is nice, but there was a lot of animosity about whose standard we were going to use and why certain people had the right to tell other people to standardize on which standard. That took several years of working through and probably still isn’t quite officially worked through but it is getting better.

jam: I think also that the name change that the group underwent fairly rapidly also helped the shift in perceptions. Originally, it was founded as something like a standards, a “PHP Standards Group” or standards something.

Beth Yes, “Standard Compliance Group” or something.

jam: Right and renaming it the Framework Interoperability Group immediately gave it a much more positive spin.

Beth: Yes, it did. Although then, there’s a lot of complaints about, “Well, I’m not a framework but ...” you know. So, you can never make everyone happy but it does put it in a much more positive light. Like, “We’re all working together. Let’s embrace the part of the idea that everybody seems to like and then we’ll work on the parts that people don’t like.”

Campbell: With this in mind, what do you think is the most important PSR in terms of actually unifying what people do?

Beth: The actual FIG PSR, you mean?

Campbell: Yes. You’re allowed to choose ones that haven’t been accepted yet. We won’t tell.

Beth: Oh my goodness. The most important FIG PSR...

Campbell: In terms of making it easier to work together.

Beth: I guess in my day-to-day life, the PSR that affected me the most are the actual coding standards just because I don’t write a major framework. So, some of the requirements about how to write your framework to work with other things, it’s already architected by the time I get it so I just use it. But the spacing issues and the format issues which cause so much ire in the community, those are the ones that affect me most day-to-day and the ones that I try to get people who work with me to follow the most because if our code all looks the same, it’s a lot easier to scan through. It’s a lot easier to read through. It has really made things easier coming into a new project if they follow the FIG coding standards as well. So, I would say probably on a big scale, that’s probably not the most important one community wide, but that’s the most important one in my day-to-day life.

Campbell: In some way, I wonder if we’ll start seeing a peer-pressure effect this way. I mean, I worked really hard to get my personal code to follow PSR 0 and 1 under a month.

jam: No, one and two.

Campbell: One and two.

Beth: Yes. It can be started with one and then we can move in to two.

Campbell: Yes, which is exactly what I did, and then I popped open Drupal 8 and started to rage that, “Dang it! Those crazy - are still using two spaces to indent. It should be four!”

jam: That’s where FIG got it wrong, though, because two spaces is the one true way. Not tabs, not four spaces.

Campbell: Absolutely. And we will defend that!

Beth: I know!

Interviewer: So we’re out!

Interviewer: No, but I wonder if...

Beth: That’s it. Throw is all away and start over!

Campbell: I wonder if we’ll start to see a bit of peer pressure, that you get developers coming into projects that are relatively PSR-friendly or FIG-friendly like Drupal and then well, I write with four spaces and cirly braces on the next line. Sorry about your...

Beth: Yes. I think what will happen over time is that... as long as we, as a community, are encouraging new developers to be FIG-compliant as they come into it, non-FIG-compliant code is going to start looking like old legacy code. So, I think you’re right in that there probably will be some peer pressure in the fact that you don’t want your code to look old the moment you write it. So, it will start to be the way to tell old code, I guess, from newer code.

jam: How do you feel about Drupal 8?

Beth: Just in general?

jam: I could – so, how do you feel about Drupal 8 as the first product of this convergence in PHP? Somehow, the dependency management and code interoperability has produced this meta-product which is a combination of code from across a dozen ... 20 different open source projects, and we call it Drupal 8 but it’s a really magnificent combination of different stuff.

Beth: My favorite thing about that besides the fact that I think it’s going to become a lot easier to work with, is that it has really forced the issue of getting our communities to work together. We’ve, for so long, been siloed into, “Oh, I’m a PHP developer. I only write plain old PHP. I’m a Drupal developer, I only work with Drupal. Or I’m a Symphony developer. I only work with Symphony.” We’ve just been so isolated in what we’ve done. Now, we have one project where all of those people are together into one project is, I think, forcing the community to address the issue of how isolated we’ve become and allowing us to all have a project that we can contribute to, that we can work with, that we can feel a sense of pride because our personal piece of PHP is participating, and is a part of this project. It’s really allowing so much more community between just being the different developer types, and I’m excited to see more projects pulling in those different viewpoints and I guess capitalizing on the fact that different communities have different specialties and different ways of looking at things and analyzing things and different worst-case scenario-planning, and we can all benefit from the sharing of this knowledge that we’ve grown in each of our different areas.

Campbell: We’ve had some great conversations, especially at PHP conferences and Symphony conferences with people. We’ll go and present to them and talk about Drupal 8 as this first integrated product and what you can do with it. Before the session, people go, “Oh, I don’t use a CMS. I build it all off from scratch,” and it sounds like I feel like I’m talking to somebody from 2009. Really...

Beth: Yes. A lot of us were around then ...

Campbell: They really poo–poo the idea just because it’s CMS or because they would have used Drupal in 2009 in 2007, right? Then we can give a presentation and go, “Oh well, this is how you architect a large multi-headed beast where this CMS is just a part of it. It fits smoothly into the rest of it.” It really – I mean I feel like this can really change people’s perspective on actually, how they work with different frameworks - also from [Unintelligible] ... It’s a component.

Beth: Yes.

jam: Outsource don’t write a CMS ever again. Outsource that to Drupal 8 and get on with what’s interesting.

Beth: One of the great things about this now when you’re talking about - talking to those people who are, “I do it all from scratch, I don’t need to,” or “I only use this. I don’t need to use anything else.” is that the conversation now is not, “You have to stop using your thing and switch to ours,” because that’s what the conversation has always been. Now, we don’t have to tell people to give up their technology. Now, we say, “Your technology is awesome and you can use it with ours to make things even better.” So, I think the discussion is getting more friendly as well, so yes.

jam: Now, take your awesomeness and ours and let’s put it together.

Beth: Yes, and something even bigger.

jam: Instead of our awesomeness is clearly more awesome than yours, you should as well.

Beth: Exactly, because that’s instantly a confrontational discussion. So, now we’re working together instead of confronting.

Campbell: So, we talk a lot with other consultant-developers of, like jam said, our first time we’re giving this session is going to be in Mumbai. One of the things we’ve heard a lot from shops that are going to be in our session is they’re not interested in standards, they’re not interested in best practices. They’re interested in just get it done. You got to get it out of the door fast, and I’m going to jump in and do it quick and dirty. It’s partly because people have to learn to work with new frameworks quickly, and it’s partly just because of the, frankly, the case of business. What’s your argument? Why should these people care about the “Interoperability Era”?

Beth: As a consultant, I completely understand that mindset at times. Because when you’re a consultant, people are not paying you to learn new things. They are not paying you to spend time to do things the right way because the people hiring you don’t understand what you’re doing on the backend, all they understand is how long it takes you to do it, and how much that’s going to cost them and they don’t care about anything beyond that. So, it becomes very difficult to, I guess, convince yourself that you need to have that time to do those things, and learning a new framework is a big undertaking. It’s a lot of work. It’s a big shift in how you do things. It makes it uncomfortable to code again for a while because you’re retraining even just your fingers on how to type. It’s amazing the muscle memory that you get coding things. It’s a big shift. It’s a lot of work, and there’s no immediate benefit to that work. It’s not instant benefit. It’s a long-term benefit.

So, when you’re in the thick of things and you’re stressed, and you have a deadline looming, those long-term benefits are really hard to buy into. So, what I try to do with the other consultants that I work with or with the clients that I work with is I try to really quantify those long-term benefits. Sometimes I win and sometimes I don’t, but I try to, at least, make people aware that there are long-term benefits and consequences of these rushed decisions that you’re making and these shortcuts you’re taking. I hope at least that people are making an informed decision when they decide to do things quick and dirty. In some cases, maybe quick and dirty is fine. “Hey, we’ve got this thing. We’re only using it for a couple of weeks. I swear we’re going to throw it away for real this time.”

jam: “Nothing lasts longer than a temporary fix.”

Beth: I know, right? I know. But, on the flip-side, like you said, things last forever. If you do it the right way, it’s easier to reuse it in the future. So, writing a quick and dirty thing 10 times is going to take longer than writing it the right way once and being able to reuse it.

Campbell: One of the things we’ve heard from Sebastian Bergmann that – is that time and again, studies have shown that yes, okay, there’s a 30% extra time requirement when you start writing unit tests the first time you code. Hard to get your head around, it’s a slow process that takes you longer. But in the long run ...

Interviewer: You make that up and then you get a 60% productivity gain in the best cases by building tests into your development workflow.

Beth: Yes.

Campbell: Yes.

Beth: Yes. The problem is that a lot of these consulting companies are only involved in that beginning timeframe. So, they’re required to take on that burden if the extra 30% work on the front end, but they never see the 60% gain because they’re no longer on the project when that comes into play.

jam: Although I wonder if another perspective on this efficiency of tools discussion would be, “Hey, so Drupal 8 might be a lot to wrap your head around.” You have to learn this new CMS and figure out a module system in whatever you’re doing but once you have a toolset that’s quite comprehensive and solves a lot of the web use case and you’re fluent in it, then ... I know there’s no data out there, but I imagine that you also gain a productivity win and then because I’m a fanboy, I can also say, “Well, it’s probably more secure when it’s really well-maintained and supported and so of course, you know, that’s a bonus as well.”

Beth: Sure. From the consultant viewpoint, that’s true as long as you are able to choose the technology stack that you’re working on, but in many times in consulting, we don’t get that choice. So, you spend all this time investing and becoming fluent in Drupal and then you get a slew of WordPress projects, and it doesn’t help you at all. That can be a very tough buy-in as well from the consulting viewpoint. But I think that if we can continue to get buy-in from the project owners and managers who are architecting these systems then the consultants that come in will have to take up that viewpoint as well because that will be the environment that they’re working on. So, the consultants tend to work more in legacy systems than in newer systems because newer systems tend to have a developer team who’s working on it and they don’t bring in consultants right away. You bring in consultants when, “Oh, my gosh. That’s horrid code. I don’t want to look at it. Bring in a consultant because I’m too busy just trying to put out these fires over here, to keep things running.” That’s when the consultants get brought in. So, I think the buy-in has to be from the project owners first before we ever have a hope of getting consultants onboard.

jam: Hopefully over time, we’re going to see more and more products that use, for example, PSR-compliant methodologies ... testing and what have you ... and over time, your job as a consultant will become better, more bearable, more productive because you’re going to see more compliant code, stuff that you understand off the bat, things that have been tested along the way.

Campbell: Well, I think at the very least might be the easy one to convince people of is using external libraries, and having something available like Composer or having something available like proper dependency injection means you just need to write less code.

Beth: Definitely. Component libraries are usually an easy thing to convince people of. Although in some consulting projects, you’re not allowed to use external things that aren’t already on the server, so that can be a tough sell. It depends. But with the component library, if you can’t use it, you still have to write it from scratch, so if you can use it some of the time, it’s still an improvement over not being able to use it any of the time.

Campbell: I was going to say I’ve never encountered that. I remember one project five or six years ago where the environment was such like we couldn’t get anything installed on the server or any components without going through an IT approval. This was for a university. This wasn’t like a high-security project but we had to go through ... So, every couple of days, there was another email and because in our case, it was every Drupal module we had to ask permission.

Beth: Yes.

Campbell: Like we use a hundred modules on that project.

Beth: Yes and anything dealing with healthcare or medical industry... Everything has to be audited and approved by a security team before you can use it. So, using a whole bunch of different component library stuff can be an excruciatingly painful process in those types of environments. Which is why most types of environments, hopefully, they’ve had a framework approved, and at least you have a framework that you can use.

Campbell: That’s the easy win, actually. At least healthcare, and there are certain environments there, the security is warranted. That one was really the brochureware front end for the university. “You need to authorize what slideshow we’re using?” :-D

jam: So, we’d like you to do a specific greeting to our session and to the Drupal world. Most people are going for something like, “Hi, Drupal. My name is such and so, and congratulations on getting v8 out, and welcome to the broader PHP world. I’m excited you’re here because,” or “You should be excited about the following,” or some upbeat statement like that, welcoming us into the fold, essentially.

Campbell: Welcome us into the fold and tell us why we’re excited or why you’re excited about it.

Beth: Okay.

Campbell/Beth: Now.

Beth: All right. Hello, Drupal. My name is Beth Tucker-Long, and I am so excited that Drupal 8 is out. Way to go! We’re very proud of you. I am really excited about Drupal 8 because it represents so much community involvement, working together. I’m so excited that we have so many big projects from the PHP side of things and the Drupal side of things working together, and I just can’t wait to see, with all this brainpower that we have merged into this project, where we go from here.

jam: You want to come to a DrupalCon?

Beth: Do I want to come to the DrupalCon? I would love to.

jam: Beth, thank you so much for taking the time to talk with us.

Beth: No problem.

jam: We really appreciate it. I look forward to seeing you in person soon. Perry, thank you for being so patient and sleeping until right now. That was...

Beth: Very good timing. Good job.

Cam: Yes.

jam: Perry’s first podcast. Thanks, Beth!

Beth: Yes. No problem. Awesome.

Podcast series: Drupal 8Skill Level: BeginnerIntermediateAdvanced
AcademyHealth brandt Thu, 12/15/2016 - 11:12 Increasing Membership Through Thoughtful Design

Showcasing the value of membership through a beautiful design.

  • Creating a modern design for a research organization

  • Emphasizing the value of membership

  • Building a custom Drupal module for GatherContent

We want to make your project a success.

Let's Chat. Our Client

AcademyHealth brings together health services and policy research professionals to transform the future of health services research (HSR). ​Health services research is the science of study that determines what works, for whom, at what cost, and under what circumstances. HSR studies how our health system works, how to support patients and providers in choosing the right care, and how to improve health through care delivery.

As an objective broker of healthcare information, AcademyHealth offers HSR practitioners access to leading health policy publications, course syllabi, research funding, networking opportunities and training programs. They also provide policymakers and the media the necessary tools to navigate and address key issues related to the delivery of health care and the development of health policy.

Goals and Direction

AcademyHealth was looking for a strategic design partner to help define their web presence and effectively demonstrate the value of AcademyHealth membership. To do so, they needed to make it easy to find and explore relevant HSR research and topics drawn from a variety of sources.

The primary high-level goals for the redesign were to:

  • Create a strong experience for multiple audiences. The primary purpose of AcademyHealth’s website is to convey and promote the breadth and impact of health services research to a broad audience of users. The redesign needed to enhance the visibility and accessibility of key information produced by AcademyHealth and its members and partners.
  • Implement a streamlined design system. This design system needed to be cohesive and user-focused for users both internal and external, as well as member and non-member.
  • Improve internal user experience. The editing experience needed to provide better tools for managing the flow of copy as editors created new content.
  • Improve navigation through topic-centered information architecture. The hierarchy of the navigation needed to support the topic-centered approach of the new information architecture and improve users’ findability of content.
  • Convey diverse offerings of AcademyHealth membership. Member-exclusive opportunities that further the professional advancement of HSR practitioners needed to be prominent to make the value of membership obvious.
  • Embrace current web design best practices. The new site needed to utilize responsive design and follow best practices for accessibility.
A Fresh Design

The new site required a responsive design, so that all users could have a positive experience no matter the size of their screen. Responsive design prioritizes content differently based on the device users are using to access the website. With mobile web usage surpassing desktop, we adopted a mobile-first design approach. Because of the limited screen size of mobile — and the distractions inherent to mobile device usage — design must be focused on the actions most important to users.

Another requirement was that the design convey an immediate sense of brand identity that allows AcademyHealth to stand out. Our design team began by researching the competitive landscape to gather ideas for what kind of mood the AcademyHealth site should portray.

A collage of landscape research compiled for design inspiration.

With the goal of increasing membership in mind, our designers knew it was important to create a feel of belonging with the new design. Our design team created a skyline image for the homepage that represents the different elements of their member base: healthcare practitioners, university researchers, and government policymakers. The prismatic skyline also represents the breadth and scale of the healthcare community.

Style tiles, showing the skyline header and general font and color treatments.

After incorporating a round of feedback from the AcademyHealth team, the design direction was finalized and we began prototyping the site and building its style guide. The style guide is a set of interactive HTML and CSS components that form the design for a CMS implementation.

A style guide element showing proper image usage for the site and its behavior on mobile.GatherContent and Development

When planning for a website redesign or relaunch, the content is more important than the technology. Yet, because of the effort involved, it can be easy to neglect this critical step in project planning. As an organization with a dedicated editorial team, AcademyHealth understood the challenge and used GatherContent during the Discovery and Strategy phase of the project. GatherContent is a content development tool that allows content to be prepared and reviewed before publishing to Drupal and other content management systems.

Because AcademyHealth could begin preparing their content so early in the process, all of their baseline content was ready before development even began. Having real, production-ready content greatly enabled our team to develop a site that matched exactly what they needed, and we were able to do all of our technical demos with real content.

In order to migrate AcademyHealth’s content from GatherContent to their new Drupal site, our development team wrote a Drupal 8 migration source plugin for the GatherContent API. Using this module and Migrate Plus, YAML migration configurations can be written to import content from GatherContent to Drupal content, including nodes, taxonomy terms, and menu items. Once development was complete, the use of GatherContent facilitated a quick launch, since moving content into Drupal had been automated.

The Importance of User Testing

While development was in progress, our strategy team conducted both virtual and in-person usability testing. When implementing virtual testing of the navigation, we focused on terms that were used by key audiences to discuss health services content. Building upon the research conducted during the navigation testing, in-person usability testing with a group of prominent health services researchers focused on evaluating stakeholders’ ability to successfully complete key tasks that relate directly to key performance indicators and business goals. Having conducted research and holding conversations with key stakeholders, our strategists’ deep subject knowledge of AcademyHealth’s audience and content enabled them to craft questions and tasks for user testing that aligned specifically with AcademyHealth’s business goals.

By asking very specific questions, we were able to make sure topics were tagged correctly and content was filed in a way that makes sense to users.

Question results during in-person user testing.

By conducting user testing, key stakeholders were able to see in-person reactions from site users. This process helped us to refine the design and functionality with actionable data.

A sample user test result of the site’s navigation.

Our strategy and development team then synthesized the results of testing into recommended improvements to the site’s structure.

Specific results of a usability test for mobile device users.

For teams familiar with working within their organization’s structure, there can be a desire to list all options within the site navigation. After all, it’s how the team thinks of itself. But in this case, we found that listing all options was overwhelming to people just beginning their interaction with AcademyHealth.

As a result, the main navigation was streamlined, and the list of special interest groups is displayed within the context of topical areas. When thinking about a redesign, the ability to step outside your own organization is critical and can be done quickly through the smart application of user testing.

Working in native HTML and CSS allows cross-browser and mobile testing to be introduced immediately, which greatly aids the design process.

The final AcademyHealth homepage.Editorial Training and Workflows

While the editorial team was working with their content during the strategy engagement, during development they needed to become familiar with Drupal 8 and how the new CMS would affect their workflows. Since improving the internal user experience was a key goal, we built editorial training into the project schedule, which allowed the development team to iterate on specific improvements.

Most significantly, working with the editorial team uncovered new workflow efficiencies. Using Drupal 8’s improved editing screens and the Workbench Moderation module (now in Drupal 8.2 core as Content Moderation), we developed a custom approval workflow based around member and non-member content. Since each content type can have a custom workflow, editors with different specialties can adopt a workflow best suited to their publishing needs.

While creating content, editors can also select related content elements to promote discovery and increase visitor retention. The site uses a combination of automated and curated selection for related content, which ensures relevant content appears in each context.

A publication page for AcademyHealth, with related content given prominent location.The Results

In many ways, this was an ideal project. By setting up GatherContent early, our development team was able to effectively build a site that organized and showcased their content. Once development was complete, the extensive amount of user testing performed allowed us to make strong recommendations for future iterations of the site.

We want to make your project a success.

Let's Chat. Drupal 8 Services strategy design development academyhealth.org
Drupal Modules: The One Percent — Contact Block (video tutorial) NonProfit Thu, 12/15/2016 - 13:25 Episode 12

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll consider Contact Block, a module which will expose your contact form to the block system.

Thought I'd give a quick update on my personal contribution efforts, given I'm involved in so many different projects.

Metatag for Drupal 7

The Drupal 7 version of Metatag is pretty darned solid at this point. Some tests were added recently that

Metatag for Drupal 8

This is overdue for a stable release, and the good news is that we're almost there. Here's what my current goals are:

Mapping in Drupal 8 with GeoLocation Field

Adding a map to a website in Drupal 7 is fairly easy - the only difficulty being which of the many mapping modules to use. In Drupal 8 many of the modules are not available yet, or only have dev or beta versions available. One of the ones that seems fairly stable and has a good set of features without being overly complex is the Geolocation Field module. We've used it on a site recently with great success, and in this blog post we will cover the fundamentals of how to use this module.

Panels has always been my go-to module when it comes to building custom pages in Drupal 7. Now in Drupal 8 things have changed. A lot of what Panels did in Drupal 7 has been moved over to Page Manager. Panels itself doesn't offer a user interface and it is just a variant type in Drupal 8. Also, Page Manager is now its own project, whereas, in Drupal 7 it was part of the Ctools module. Panels in Drupal 8 integrates with Page Manager and offers a custom variant type which allows you to select different layouts and manage blocks in the layouts. On its own, Panels doesn't really do anything, you need something like Page Manager to utilize it. So with that being said, what can Page Manager do?

Once upon a midnight dreary, while I coded weak and weary, poring over content theory, I asked myself “can users find what they are looking for?”

“Yes,” it told me, “yes.”  Startled, I was surprised to see a raven perched on my cubicle.

“UX.” The raven cawed, cackled and clenched its claws.  “Content.” He muttered only this and nothing more. And so began my journey to investigate user experience and develop content strategy that led me to call all UX practitioners and content strategists to DrupalCon Baltimore.  

On The Air With Palantir, Ep. 7: Getting Started in Drupal On the Air With Palantir brandt Mon, 01/09/2017 - 13:31 Ken Rickard and Cathy Theys with Allison Manley Jan 9, 2017

We want to make your project a success.

Let's Chat.

How to get started in Drupal.

Welcome to the latest episode of On the Air with Palantir, a long-form podcast by Palantir.net where we go in-depth on topics related to the business of web design and development. It’s January 2017, and this is episode #7. In this episode, Director of Professional Services Ken Rickard is joined by Cathy Theys of BlackMesh. 

iTunes | RSS Feed | Download | Transcript

Subscribe to all of our episodes over on iTunes.

We want to make your project a success.

Let's Chat. Transcript

Allison Manley [AM]: Hello and welcome to the latest episode of On the Air with Palantir. A podcast by Palantir.net, where we go in depth on topics related to the business of web design and development. It's January 2017, and this is episode number seven. This time my colleague Ken Rickard does the interviewing work for me. Ken was at GovCon in 2016, and was speaking with Cathy Theys, who is the Drupal community liaison at BlackMesh. She's got some fantastic information about how to get started in Drupal.

Ken Rickard [KR]: Today we're talking to Cathy Theys. We're at Drupal GovCon, which is a great event here in Washington D.C., Cathy is the Drupal community liaison for BlackMesh. Cathy, is there anything else we should know about you as we get started?

Cathy Theys [CT]: Let's see. Right, so Drupal community liaison. I go to a bunch of events for my job. I fix issues in Drupal. I had a long history of dealing with the mentor program. I tend to serve as a contact point when people have questions about how you get things done in the community or there's a tricky situation coming up, they might ask me my opinion on it, how to deal with that.

KR: I know you from the Chicago Drupal community. I know I run into you at a lot of events where you're helping onboard new Drupal developers.

CT: Mm-hmm.

KR: That's one of the things that you're passionate about.

CT: Yes.

KR: I think that's a really interesting question here at GovCon, we're dealing with a lot of agencies here who are new to Drupal. The keynote we just sat through was about moving the NIH onto Drupal for the first time. They talked about what that was like. I mean what brought you here, to GovCon specifically?

CT: BlackMesh, we're based in Ashburn, Virginia, so we're super close by, local. There's a bunch of us here, there's like eight or nine of us here, so it's really great because I travel a lot. I don't get to see my coworkers all the time, so I go to an event like this, we all get to hang out together and that's really nice. The sessions here are pretty top-notch. There's a lot of interesting topics, both for developers and for agencies. There's a really good range of beginner to advanced ones. It's really great.

KR: And I learned yesterday that I think this is officially the biggest non Drupal Con event in the United States. CT: Wow.

KR: Yeah. We surpassed bad camps, so that's good. I want to go back to again your role in the communities to help onboard new developers.

CT: Mm-hmm (affirmative).

KR: In particular, you're a liaison to make it easier for folks to work with Drupal. Like I said, in the keynote, we were dealing with an agency coming on to Drupal for the first time. I think my first question really is, for a government agency or other organizations using Drupal for the first time, what advice do you have for them getting started?

CT: The very, very first thing, I think is important is that the agency makes sure that they have an organizational node on Drupal.org. That's just a piece of content where you can put your logo and your company description. It just allows a way of referring to yourself within the Drupal community. Drupal.org is really important for the Drupal community. It's the hub of everything and it's our central conical repository for asking questions and getting answers. So just establishing your agency is the very first thing. Then I think the next thing that's important to do, is to take anybody associated with that agency that might every touch Drupal and make sure they have user accounts. The profiles on these user accounts can be quite complex, but there aren't a lot of required fields. It's like pick a username, give an email address, you don't even have to say your real name, but what the agency wants to make sure that their developers do, or not their developers, their tech team, right, does is makes a user account and associates it then with the organizational node that's there. That will immediately open up a lot of doors for getting information out of the community. Without that it can be really difficult to really get the most benefit out of it. Those are I think the first steps.

KR: That's interesting to me because we're making, I think we started with the assumption that you're going to have to interact with the community in order to get your project done and be successful.

CT: Yes, absolutely.

KR: What is it I guess about Drupal that makes that sort of a requirement?

CT: Some parts of Drupal are core, the central package, and other things are contributed projects, themes, modules, distributions. Then there's also custom code, the internal tech team might put together. Much of that is extremely high quality. Some of it isn't. Some of it has information about how to use it, but might be targeted towards a particular kind of role in a company. If the documentation for something is targeted toward a site builder, and you have a back-end developer trying to figure out what's going on, the quality of the project can still be good. The documentation is kind of sort of in place, but it still might be confusing if that documentation isn't written for exactly who you are. So you might want to clarify something with somebody, because when you have a chance to clarify something, ask a question, and get an answer it means that the total time that you spend trying to figure something out will be shorter. Typically, that means it costs less. I think that's really important for agencies. They want to make that their people are very efficient so that the project can get done in a reasonable time. There are not scary reasons for needing to interact with the Drupal community. I think a lot of projects will just have questions and clarifications and very little custom code that they need to do.

But they may not realize that that's possible if they're not talking to Drupalers and getting those clarifications. They might go off on a wrong assumption like, "Oh wait, this doesn't do what I want. I'm going to do a whole bunch of custom stuff." When you have the chance to interact with people, you can kind of make sure you're on the right path. You don't go down that way of getting on a custom code. You may have some and that can be really good, but custom code is very difficult to maintain. Especially if you have turnover in your tech team.

KR: Mm-hmm.

CT: And if you don't have automated tests for it, then that can additionally be complicated. When you're just getting started on a project, right, you have this clean slate. You haven't changed Drupal, you don't have any of this custom stuff. If you know that you want to limit your custom stuff, and then talking with the community can help you do that. I think one of the reasons, in addition to maintenance of custom code, one of the reasons why keeping that to a minimum is important is for security reasons. Interacting with the Drupal community can provide a really nice opportunity to make sure that your stuff is secure. When you do have to make custom code or patch a module or whatever, and you ask the question on Drupal.org, typically perhaps an issue associated with the theme or the module that the question is about, that gets you started in the right direction. Then you may be like, "Oh. Well I think it should be like this." Or "This is the custom solution we're going to use with this." Because you have the issue, because you asked the question, then you can present the changes that you think are needed on the issue. When you do that, what you get is you get the entire Drupal community, which is quite large, I mean it's got to be, life if you add up people who contribute to contribute stuff, then it's got to be like 10,000 people, I think.

KR: Right. It's a gigantic international community. One of the advantages we always talk about with open source is essentially that none of the problems you're talking about are unique, right? Your project is special to you and it's important, but it's-

CT: And the combination of aspects of your projects could be quite unique. Individually, those have probably come up already.

KR: Right. CT: Yeah. Then when you post these changes on this issue where you started asking just some questions, and you have the whole entire Drupal community what you get is a chance that somebody in there might have experience with evaluating changes and their security implications. They might see your change, they could run across it, spot something, and then ... Nobody's going to do that and not reach out. The way people reach out then is a lot of different ways. It could be in a comment on the issue, it could be contacting somebody through their user profile, it could be going to look to see what company they look at and who else works there. So that ties back to this first step, right, of the organizational profile and the user profiles. I think for government agencies, security is quite often a very big concern. The nice thing about doing this, or the opposite of doing this let's say, right? Is you start your project, your internal team you're like, "Go learn Drupal. Go do it." And they don't ask anybody questions, so they want to change something, and they keep their change internal only. Then they don't even have a chance to get this free, possible security audit. I mean it's not a formal thing, but if you don't put it out there, on Drupal.org, then you don't even have that opportunity and you're completely missing it.

KR: Right. It's worth noting for people who aren't aware. So we talked about sign up for an organizational cap, the next thing you have to do really is sign up for security alerts. Security notifications I mean, security notifications come out every Wednesday.

CT: Yeah.

KR: Sometimes there's none sometimes there's several. It's worth noting that any module that you download from Drupal.org that has an official release, it's not an Alpha software, it's not a Beta, is covered by Drupal security team.

CT: Right. What that means though is not that it gets a security review before release, but that if somebody notices a security problem that they can bring it to the security teams attention, typically privately. Then somebody will look at it. It's reactive in that sense. The security team also does several proactive things, but it doesn't just be like, "Oh you can't make an official release until we look at your code." We don't go quite that far.

KR: Right. But it is nice to have that layer of accountability, so when we say, "Oh we think there might be a security issue with his implementation." You can report a security issue and the security team will have a, essentially someone who's trained in security review take a look at things. Yeah, I've participated in those issues. It's quite an impressive process.

CT: Yeah and super high quality people that have a lot of experience looking at it. I'm also on the security team, but I'm a new member. Mostly I just help other people with things. Like you asked, you're getting started, what are some of the first steps? We talked about some of the things. Making those profiles, starting to use Drupal.org to talk to people, to ask questions, and to post possible changes. I think the thing is the agency, it would help the agency take advantage of all these benefits only if they have their tech team doing this. So putting in place some internal processes that encourage this will help make sure it happens. If you want somebody to do something, you should give them an environment where it's easy for them to do it and they see the benefits from it. If you can, you make doing it part of a bigger process. Yesterday, here at GovCon, I went to see Damien Mckenna's talk. It was called Free, Libre and Open Source Software and You. It was absolutely about this. You have an internal group, you know you should be doing something with the community or contributing, like what the heck do you do? So I highly recommend that people check out his information that's on the GovCon site, it's on the schedule for Wednesday. But there were kind of two or three important things I think that I can say pretty quickly and that is that one step to encouraging people to do this interaction with the community is just to start tracking the interactions that happen. Without necessarily asking, like setting expectations for what people should do. Every project that you answer a question on or things, like just start tracking the interaction that happens. So you can see how that changes over time. I think that's good to have in the process.

One of the ways to encourage communicating on Drupal.org about things, and have it be part of the process, is internally when you have to make a change to something is to track as part of the identifier for that change, the issue number and the comment number. You can't then internally track it as part of your process, if it doesn't have an issue and it doesn't have a comment number. So you could make some kind of standard like in your git-commit message, make sure you use this pattern in this string. Or when you name your patch file, or when you set up your composer json and you're pulling a change, that part of documenting that is the issue it came from and the comment number. Then you can't really get around it, because it's like, "Oh I can't commit it without a number." And then people do and so that can be really nice. I think the other kind of getting started recommendation that Damien had that is pretty decent is to plan for your tech team to have 10% where they don't have to track what they're doing. So it's not like directly billable or on a particular thing that's in the current sprint, but it's just 10%. Damien says people can do things like four hours on Friday afternoon, tends to work pretty well because you don't really want to be deploying any changes on Friday afternoon, but you have these people and you're paying them to do something. So they might as well be doing something productive.

KR: Right. He's basically talking about, baking aside sort of 10% is internal training time or just community time.

CT: Yeah.

KR: To get things up to speed.

CT: And for that it can help to have some sort of orientation for people. Some agencies might identify one person on their tech team, like you said, that will spend a significant part of their time figuring out what the heck this community is and being the point for communication there. If people don't have that, they might want to get ramped up by bringing in somebody for maybe a day, or two days, and be like, "This is how you communicate with the community." Because telling people, "Oh you have 10% time to do whatever you want." They're going to do things that they're interested in and probably that they kind of sort of know already. If they're like, "Yeah 10%, I could contribute to some Drupal project." And they've never done it before, and they're all on their own and they don't know what to do? The odds of them using that time for that are kind of low. Including some kind of orientation for how to do that will help make sure people can be successful when you expect them to do it.

KR: It's good also to review the types of contributions that people can make, because this is something we talk about with contributors all the time.

CT: Yeah. I switched my description of talking about who these people are, the tech team, right? Halfway through the conversation.

KR: Right, right.

CT: Because I think people have this expectation that the only people who might be doing this interaction with the community are back-end developers, or possibly editors, but that's really not true at all. It's site builders, and junior people on the team. It could be anybody because there's so many different levels of questions. It could be like, how do I use this API? Or it could be like, I'm evaluating these three modules, or it could be we have this ambitious goal for this project, can we even get it done? Those are not all the same role, but they're all on the tech team.

KR: Right, correct. Editors have questions too. We were working on a project and I had to say, "Hey I'm using the Wizzy Wig to upload images, but I can't upload files through it. So what do I do?" And the answer was, "Well we go to Drupal.org and we look around and know if there's a module that handles that." Yeah. It's a project question.

CT: Right.

KR: And it's a technical question, but it's not a developer question.

CT: Right. I think it's nice when we're ... One of the super awesome things about the Drupal community that is a little difficult to explain to people who might be getting involved, is how thoughtful the Drupal community is. How we're always looking at the processes that we have, and can we improve them, and what happened, and what should happen? One of the ways that that can be apparent that that's part of our community ethos is that we frequently go through changes in language that we use to describe things. So that we can be usually more accurate, and also more compassionate, more inclusive.

KR: Mm-hmm.

CT: I like that when we use language that's more inclusive, we're quite often being more accurate. Like an example here at this event, and a lot of Drupal events that people might end up going to, is that we use a lot of rooms. We take over conference centers, and typically one of the areas in the past used to be called The Coder Lounge.

KR: Right, right.

CT: Over the last couple years, people in the community who may not be even involved with the camp, sort of take ownership of things. It's open source, right, you see a problem and you fix it. Sometimes people will take sharpies to signs that say Coder Lounge and they'll make them more accurate and also more inclusive, by crossing it out and changing it to Contribution Lounge, because that's what happens in those rooms. When people get together and they're like, "I had this question about Drupal. Perhaps it's an issue we might eventually need to fix something." Or, "I have a question about an issue." So the activity in those rooms is not people coding always. The people in those rooms are not just coders. You can get usability specialists, designers, all kinds of people, marketing people. I was in Montreal recently for Dev Days, which was a Drupal event. I was in the contribution area and somebody was walking through and they're like, "I need help." And people were like, "Well what do you need?" And they're like, "I need a native English speaker." I'm like, "I'm a native English speaker." And so I started talking to them more and it turns out they were working on writing a showcase that featured their new distribution that they were putting out for Drupal 8 that is going to be kind of the replacement for commons. This person, which was like the project lead, and they had their whole team there and they were doing last minute changes to make this distribution available so a bunch of people could get a nice benefit, not just their agency. Stated explaining to me, and I was reading the showcase that they wrote, and we didn't just end up talking about grammar and native English things.

Because I'm outside to the project, and I'm not familiar with it, and I don't have any expertise in commons, I had a lot of questions. There were some wordings that they thought were clear and that I didn't think was clear. They would switch audiences sometimes, like sometimes be talking to developers or evaluators. They were talking about the community as us sometimes and sometimes the agency is us. Just because I didn't know anything about their project, we were able to work through this together. We actually had a super fun time. We were able to work through this together and come out with a much better showcase that then ended up being a featured showcase on Drupal.org. Was that coding, in a Coder Lounge? No. Was it contributing to the success of a project? Absolutely. Was it somebody working on the computer by themselves? No. It was just me asking questions. I would read it and I'd be like, "Well what does that mean?" I didn't even have to know anything and I still helped with the contribution. So when we say tech team, it really is more inclusive. When we say contributing, we really mean contributing in the widest possible way.

KR: Yeah. It's probably good to wrap up by talking about that concept of contribution and collaboration. I mean it is one of the driving forces I think for why people, especially government agencies, would want to use Drupal rather than a propriety system. Because this idea is, if we solve this problem the first time then it can be reused. Reused by other people.

CT: Mm-hmm.

KR: For example in Australia, the Australian government has a common Drupal distribution that all agencies can use to kick start their projects. Sort of a fascinating piece. A lot of the stuff that we've been talking about here is around baking that knowledge into your project. Making sure that your project is planned with these interactions in place.

CT: Yeah.

KR: What I'm getting at a little bit is are there parts of your project that you don't want revealed immediately? Is that you need to be planning for? Because sometimes there is proprietary business logic or-

CT: Yeah absolutely.

KR: Or secret things. So do you need to be planning out like, this is release worthy. I'm thinking of an example from the White House. The White House, for example, very specifically released certain code when they did their big WhiteHouse.gov project.

CT: Yeah.

KR: So is that something that sort of project managers ought to be thinking about upfront?

CT: Well you definitely can't just release everything. Perhaps including a little bit of research into the project as to what the common best practices are, and how people make that decision, and being able to spend some time educating your team is good to build into the project. Doing that, when you do decide to keep some things private, doing it with the understanding of the costs of that and the repercussions. It can still be the right decision to make, but you would want to do it with the knowledge of what's going to happen because of that. Like you are solely responsibly for maintaining it. You are going to need to invest more money in doing maintenance and security, and all these other things. It can still be the right decision, but it's going to affect the project differently.

KR: Mm-hmm.

CT: Even if you make that, it's still good to understand what the benefits would be if you did release it, so that you can understand what the cost you are incurring are when you don't.

KR: Sort of as a wrap up, is there any sort of last pieces of advice you have for people getting started? Like the best thing you've ever done or that sort of one special thing? Maybe, I mean what's the best way to approach the community? It might be a question, like you've never contributed before, you have a question, I don't know.

CT: So the best way to do it, is to start digesting the stream of information that's coming out of the community. Pick your favorite medium, I really like podcasts, there's Drupal Planet RSS feed, that aggregates blog posts and announcements together. Many camps record and publish, for free, their sessions. If you like to watch something, listen to something, or read something, like pick whichever one those are, and just time box four hours or whatever, over a couple days and be like, "I'm going to learn something about whatever." Because whatever information you're looking for it's out there. People communicate really, really well in the Drupal community. The one thing I want to add, when we talked earlier about first steps, and we talked about making user accounts and you mentioned signing up for security email lists. The way people do that is in their profile.

KR: Right.

CT: You can subscribe to the security announcements via their profile. Profiling is super important.

KR: It is super important, because it's the way that we do communicate. I want to thank you for spending the time with us today. You've been really fun and informative.

CT: You're quite welcome. It was nice.

AM: Thank you Ken and Cathy. If you want to hear past episodes of On the Air with Palantir, make sure to visit our website at Palantir.net. There you can also read our blog and see our work. Each of these episodes is also available on iTunes and of course you can follow us on Twitter, @Palantir. Thanks for listening.

JMA Consulting is pleased to welcome Jon Goldberg as our new Director of Operations effective today.

After a brief stint as a political organizer, Jon spent 13 years working in various capacities at a non-profit legal organization, primarily in IT.  In 2010 he co-founded Palante Technology Cooperative and started their CiviCRM department, where he worked for 7 years.  Outside of work, Jon can be found engaging in queer community organizing, (dis-)assembling electronics, and training parrots.

"I'm really excited to have Jon join us given his keen appreciation of how to help progressive organizations achieve their missions using CiviCRM. He's got a deep and wide knowledge of CiviCRM. I appreciate how he gives back to the community like through StackExchange, where he is the top ranked CiviCRM contributor," said Joe Murray, President of JMA Consulting and co-author of Using CiviCRM.

Jon's new role will include leading client engagements, developing standardized service offerings, overseeing internal business administration, and continuing to contribute to the CiviCRM ecosystem.

JMA Consulting is a leading provider of CiviCRM services including:

  • CiviCRM for advocacy and donor management,
  • software development for extensions and core CiviCRM,
  • data migration from NationBuilder and other CRMs, and
  • custom integrations with Drupal and Wordpress sites.


PartnersCiviGrantCommunityDrupalExtensionsFinance and AccountingInternationalization and LocalizationTrainingWordPress

You might have heard about the MongoDB scare with titles like: MongoDB Apocalypse Is Here as Ransom Attacks Hit 10,000 Servers!

Rest assured, your MongoDB instances are safe and sound if they are running on Platform.sh. And this is a very strong argument to why our architecture is superior to other PaaS providers.

Unlike other providers, with Platform.sh all the services you use are inside the managed cluster and included in the plan’s price. These are not outside services that expose application ports on the internet. This is what allows us to clone entire clusters, this is what allows us to offer a 99.99% SLA on the entire stack for our enterprise offering, but this is also a security feature.

Each cluster has only two ways in: HTTP or SSH. Our entrypoints simply will not answer anything else.

Your application containers in the cluster have direct connectivity to the service containers, but this happens on a non-routable IP class. There is simply no possible way for the exterior world to access a service directly. And if you are running (in micro-service style) multiple services in the cluster you can even control which has access to which services through the relationships key in your .platform.app.yaml file. Because secure by default makes sense to us.

If you want to connect to a MongoDB instance from the exterior (to run for example an admin interface) you can still do it! But the only way to connect is through an SSH tunnel that relies on your private SSH key (platform tunnel:open on the command line will do the trick). You get all the benefits, all the ease of use of running a modern stack, but none of the hassle and risks of running a patchwork of services.

With Platform.sh you can be WebScale and secure!

From time to time, I've needed to have a default set of Taxonomy terms created at the same time as a content type, as in the case of a field with a required Taxonomy term reference, using a Taxonomy that is not 'free tag' style.

Instead of requiring someone to go in and manually add all the terms after code is deployed, you can add terms in a custom module's update hook, like so:

In December 2016 we started implementing a new idea. An idea that looks back at the best Drupal blogs that were written by other authors in the previous month. We started with a November's overview. Here is next one in the row, bringing you December's action. Building Views Query Plugins for Drupal 8 We begin our list with the second part of Building Views Query Plugins for Drupal 8 by Matt Oliveira. He wrote about coding the plugin and ended up with a basic functioning example. Yet, the author left some space open for the final third part. You can read the full blog post here. The… READ MORE

Drupal is an open source project and really depends on its community to move forward. It is all about getting to know the CMS, spreading the knowledge and contribute to projects.
I will give you some ways to get involved, even if you are not a developer there is a task for you!

Drupal Mentors – DrupalCon Dublin 2016 by Michael Cannon is licenced under CC BY-SA 2.0

Participating in user support

Sharing your knowledge with others is very important to the community: it is a nice thing to do and you might also learn some things by doing so. Whatever your skill level, you can give back to the community with online support. There are many places where you can give support starting with the Support Forums. You can also go to Drupal Answers which is more active than the forums or subscribe to the Support Mailing list. If you prefer real-time chat, you can also join #drupal-support channel on IRC or the Slack channels.

Helping out on documentation

Community members can write, review and improve different sorts of documentation for the project: community documentation on drupal.org, programming API reference, help pages inside the core software, documentation embedded in contributed modules and themes etc.
Contributing is a good way to learn more about Drupal and share your knowledge with others. Beginners are particularly encouraged to participate as they are more likely to know where documentation is lacking.
If you are interested, check out the new contributor tasks for anyone and writers.

Translating Drupal interface in your own language

The default language for the administration interface is English but there are about 100 available languages for translations. There is always a need for translations as many of these translation sets are incomplete or can be improved for core and contributed modules.
All translations are now managed by the translation server. If you are willing to help, all you have to do is logging into drupal.org and join a language team. There is even a video to learn how the translation system works and a documentation.

You can also help to translate documentation into your language. Most language-specific communities have their own documentation so you should get in touch with them directly. To learn more, see the dedicated page.

Improving design and usability

The idea is to improve the usability especially in Drupal 8 regarding the administration interface. The focus is mainly on content creation and site building. The community has done many research to understand the problems that users run into and how the new improvements performs. The purpose is also to educate developers and engage designers in order to grow the UX-team. You can visit the Drupal 8 UX page for more details and join the usability group.

Writing a blog post about Drupal

Writing a blog post about Drupal is a good way to share your knowledge and expertise. There are many subjects to explore, technical or not: talking about a former project you developed or writing a tutorial, telling about the state of a version or sharing about an event you attended… And if you are lucky enough your post can be published on the Weekly Drop, the official Drupal newsletter!

Don’t forget to reference your blog post on Planet Drupal, this platform is an aggregated list of feeds from around the web which shares relevant Drupal-related knowledge and information.

You can also find our Drupal related blog posts on the Liip blog.

Testing core and modules

Testing Drupal projects is necessary to make the platform stable and there are many things to test! If you have a technical background, you can help to review patches or to write unit tests.
For non-technical people, you can provide some feedback about usability of the administration interface that will help to improve the user experience. Follow the process to give a proper feedback.

Contributing to development

There are many ways to contribute code in core and “contrib” projects such as modules or themes.
You can first help to improve existing projects by submitted patches. This would be the natural thing to do when you work with a module and you notice a bug or a missing feature: search in the corresponding issue queue if the problem have been noticed before. If not, post a message explaining the issue and add a snippet of code if you found a potential fix. Then you can create a patch and submit it into the issue queue.
You can also contribute to new projects by creating your very own module or theme or create a sandbox for more experimental projects.

Attending events

The Drupal association organizes many events all around the world to promote the CMS and gather the community.

One of the biggest events are the Drupalcons. A Drupalcon gathers thousands of people and lasts about one week including 3 full days of conferences. These conferences cover many topics: site building, user experience, security, content authoring etc. You can also join sprints to contribute to Drupal projects and social events to meet the members of the community. Check out our report about DrupalCon Barcelona 2015!

“Drupal Dev Days” conferences occur once a year and gather developers to discuss and present topics technically relevant to the community. You can join sprints, intensive coding sessions and technical conferences.

You can also join DrupalCamps to meet your local community. These events last one or two days and focus on sharing knowledge amongst the community. You can attend conferences and sprints.

There are also many Drupal meetups which are free events happening in many cities in the world. Presentations and discussions finish around nice drinks and appetizers.

Sponsoring events

The community holds conventions and meetups in many countries and being a sponsor will not only help Drupal development but it will also enable you to be noticeable within the community. There are different levels of sponsorings that will offer from mentions on social media to advertising online and at the exhibition space of the event. All you have to do is getting in touch with the event organizers. By the way, Liip will sponsor the Drupal Mountain Camp in Davos this year!

Offering a donation

You can give donations to the Drupal association through the website in order to support drupal.org infrastructure and maintenance, worldwide events such as Drupalcons. The donations are either in Euros or Dollars.

You can also become a member of the Drupal Association for the same purpose, as an individual member or an organization member. The minimal fees are 15 Euros. Find more information about membership on drupal.org.


Drupal projects are constantly improving thanks to passionate volunteers who work on many subjects: development, documentation, marketing, events organization, supports… There is for sure a task that will suit you and it only takes small time commitment to make changes.
So join the great Drupal community and start getting involved!

In Drupal 8, there are many ways to interact with configuration from PHP. Most will allow you to write the config values, but some are read-only. Some will include 'overrides' from settings.php, or translations. There are many layers of abstraction, that each have different purposes, so it can be easy to run into subtle unintended problems (or more obvious errors!) if you pick a method that doesn't quite suit what you actually need to do. Here I'm going to outline some of them and when you might pick each one.

SAML ADFS authentication in Drupal Language English Return to Blog SAML ADFS authentication in Drupal

Drupal as consumer/SP, ADFS as IdP

Tue, 2017-01-10 13:24By pascal

We'll try to cover the needed step to authenticate (and create if need) Drupal 7 users against an external Active Directory Federation server, using SimpleSAMLphp and the simplesamlphp_auth module.

Examples are given for a Debian server, using Nginx and php-fpm, but most of the configuration would be similar for other setups, and except for the application integration part, the SimpleSAML setup part should apply to any php integration.


We'll assume that:


We'll use memcache to store user sessions (although you can use a MySQL-like database instead), which is done through the php-memcache extension (NOT php-memcached):

sudo apt-get install memcached

sudo apt-get install php5-memcache

Once again, in case you read too fast, php-memcache, NOT php-memcached !

1. Nginx configuration: accessing SimpleSAML library through the web

Given that SAML is based on redirects, the first thing you'd need to do is being able to access the library over HTTPS.

1.1. Install the library

Download the library from https://simplesamlphp.org/download and extract it in Drupal's library folder, so it ends up under sites/all/libraries/simplesamlphp-1.14.8 in the repo (that will match /var/www/drupal-sp.master/www//sites/all/libraries/simplesamlphp-1.14.8 once deployed on the server).

1.2. Amend Nginx' fastcgi configuration

We need to add a line to the /etc/nginx/fastcgi_params file so it supports path_info (in short, paths in the form of file.php/parameter1/parameter2). Instead of amending the default one, we took the view of duplicating it and amending the copy instead:

sudo cp /etc/nginx/fastcgi_params /etc/nginx/fastcgi_params_path_info

and add the following at the end: "fastcgi_param PATH_INFO $fastcgi_path_info;"

The resulting file should now look like:

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length;   fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol;   fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;   fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name;   fastcgi_param HTTPS $https if_not_empty;   fastcgi_param HTTP_PROXY "";   fastcgi_param PATH_INFO $fastcgi_path_info;     # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200; 1.3 Setup the vhost

While it is possible to use a different subdomain for your application and the SimpleSAML library (look at 'session.cookie.domain' on SimpleSAML side and '$cookie_domain' on Drupal side), the simplest and most common approach is to have both under the same domain. Typically, our Drupal installation being at https://drupal-sp.example.com/, we would make the library accessible at https://drupal-sp.example.com/simplesaml/. Note the 'simplesaml' location has been chosen for simplicity of the example, but it could be set to anything, https://drupal-sp.example.com/auth/, https://drupal-sp.example.com/whatever/, ...

What we need to do is setting up an alias for our /simplesaml location to the library webroot on the filesystem at /var/www/drupal-sp.master/www/sites/all/libraries/simplesamlphp-1.14.8/www. The resulting vhost file (trimmed non-relevant parts) would be similar to:

server { server_name drupal-sp.example.com/; listen 443 ssl; # DRUPAL_ROOT root /var/www/drupal-sp.master/www; fastcgi_param HTTPS on; #### BEGIN SAML specific config #### # We could use any alias, as long it matches the config.php of SimpleSAML. location /simplesaml { # Point to our library folder webroot. alias /var/www/drupal-sp.master/www/sites/all/libraries/simplesamlphp-1.14.8/www; location ~ ^(?<prefix>/simplesaml)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ { fastcgi_split_path_info ^(.+?\.php)(/.+)$; fastcgi_pass; fastcgi_index index.php; # Note we include the fastcgi config copied and modified above. include fastcgi_params_path_info; fastcgi_param SCRIPT_FILENAME $document_root$phpfile; fastcgi_param PATH_INFO $pathinfo if_not_empty; } # This looks extremly weird, and it is. Workaround a NGINX bug. @see https://trac.nginx.org/nginx/ticket/97 # Without this the assets (js/css/img) won't be served. location ~ ^(?<prefix>/simplesaml/resources/)(?<assetfile>.+?\.(js|css|png|jpg|jpeg|gif|ico))$ { return 301 $scheme://$server_name/sites/all/libraries/simplesamlphp-1.14.8/www/resources/$assetfile; } } #### END SAML specific config #### ## Rest of your app specific directives. } 2. SimpleSAML configuration 2.1 config.php

This is where the main "global" configuration directives reside, and it is located under the "config" folder of the library. Most of the default are fine as is, we are mainly going to set:

  • the main path
  • the memcache settings
  • the debug mode

The resulting file would end up with the following options:


<?php   /* * The configuration of SimpleSAMLphp * */   $config = array( /** * Full url to the library. Trailing slash is needed. */ 'baseurlpath' => 'https://drupal-sp.example.com/simplesaml/', /** * Debug data. Turn all that to FALSE on prod. */ 'debug' => TRUE, 'showerrors' => TRUE, 'errorreporting' => TRUE, /** * Admin access, do not enable on prod. */ 'auth.adminpassword' => 'MYPASSWORD', 'admin.protectindexpage' => FALSE, 'admin.protectmetadata' => FALSE, /** * This is a secret salt used by SimpleSAMLphp when it needs to generate a secure hash * of a value. It must be changed from its default value to a secret value. The value of * 'secretsalt' can be any valid string of any length. * * A possible way to generate a random salt is by running the following command from a unix shell: * tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' /dev/null;echo */ 'secretsalt' => 'omqczwt6klfdn244787098jqlfjdsql', /* * Some information about the technical persons running this installation. * The email address will be used as the recipient address for error reports, and * also as the technical contact in generated metadata. */ 'technicalcontact_name' => 'Administrator', 'technicalcontact_email' => 'na@example.org', /** * We want debugging on while setting our install up. */ 'logging.level' => SimpleSAML_Logger::DEBUG, 'logging.handler' => 'syslog', /** * Sessions will be held in memcache. */ 'store.type' => 'memcache', 'memcache_store.servers' => array( array( array('hostname' => 'localhost'), ), ), );

At this point, you should be able to reach https://drupal-sp.example.com/simplesaml/ and login as 'Admin' using the local SimpleSAML authentication mechanism. Check the "configuration" tab to access basic sanity checks on your config.

2.3 authsources.php

We're now ready to define our new authentication source in the config/authsources.php file, that holds an array of all available authentication sources. You'll notice there's already an "admin" one, which is the default local one defined by the SimpleSAML php library.

We assume that nothing has yet been created on the ADFS side (we'll do that at a later step), if that's not your case, you should match the entityID with the one provided to you.

<?php   $config = array( 'admin' => array( // Default local auth source. 'core:AdminPassword', ), 'example-drupal-sp' => array( // Type of auth source. 'saml:SP', // Unique identifier of your SP. // This can be set to anything, as long as no other SP use it on the IDP already. 'entityID' => 'urn:drupal:example', // IDP url identifier. A mean of getting the precise url is given later (@todo link) 'idp' => 'http://adfs-idp.example.com/adfs/services/trust', // This must be explicitely set to NULL, we rely on metadata. 'NameIDPolicy' => NULL, // These are the SP-side certificate, that we will need to generate. // The location is relative to the 'cert' directive specified in the // config.php file. 'privatekey' => 'saml.pem', 'certificate' => 'saml.crt', // Enforce signing of redirections, using our certificate. 'sign.logout' => TRUE, 'redirect.sign' => TRUE, 'assertion.encryption' => TRUE, // Enforce use of sha256. 'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', ), );

If you navigate to the "Authentication" tab > "Test configured authentication sources" within the /simplesaml admin interface, you should now see your new source appear as "example-drupal-sp". Don't try yet to use it, it will just throw exceptions for now !

Certificate generation

We now need to generate the certificates we did specify in the auth source, they will be used to sign our requests. We'll stick with the default location and create them under the "cert" directory of the library.

cd sites/all/libraries/simplesamlphp-1.14.8/cert

openssl req -x509 -sha256 -nodes -days 3652 -newkey rsa:2048 -keyout saml.pem -out saml.crt

2.4 saml20-idp-remote.php

The last piece of information that is needed for the two systems to be able to communicate is the metadata specification, which defines the various endpoints and protocols to use. The ADFS server conveniently exposes those, so we just need to get hold of them, and convert it to php. The federation XML file is usually located under /FederationMetadata/2007-06/FederationMetadata.xml but you can find it out from the ADFS management tool, by expanding "Services" > "Endpoints" and looking at the Metadata section.

In our case we would download "https://adfs-idp.example.com/FederationMetadata/2007-06/FederationMetada...". The next step is to convert it to a php array, with an utility provided by the SimpleSAML library, located at /simplesaml/admin/metadata-converter.php. This will generate 2 php arrays ready to copy paste:

  • saml20-sp-remote: we can ignore this one in our setup, as we are only acting as a Service Provider
  • saml20-idp-remote: this is the data we will need, and we are going to copy/paste it into metadata/saml20-idp-remote.php.

The array key should match the value of what we had specified in our authsources:


'idp' => 'http://adfs-idp.example.com/adfs/services/trust',


$metadata['http://adfs-idp.example.com/adfs/services/trust'] = array(

If that's not the case, amend your authsource. Pay especially attention to the fact that the idp may identify itself as http://, not https://, even though all requests go through https endpoints.

3. ADFS setup

Now the SP side component is ready, we need to configure the IDP side.

3.1 SP metadata

In the same way our SP needs metadata to know how to talk to the IDP, the ADFS server needs to how to communicate with the SimpleSAML library, and must be provided some metadata. Here again, the SimpleSAML php library helps us a lot by exposing its metadata, ready for the server to consume.

You can obtain this url within the /simplesaml admin section, under the "Federation" tab, by clicking on the "View metadata" link underneath your "example-drupal-sp" source. This will display the actual metadata, along with the dedicated url to obtain it, https://drupal-sp.example.com/simplesaml/module.php/saml/sp/metadata.php... in our case.

3.2 Trust configuration

In the ADFS admin tool on the Windows server, create a new "Relying Party Trust". This should launch a Wizard similar to:

Enter the SP metadata URL (https://drupal-sp.example.com/simplesaml/module.php/saml/sp/metadata.php...) into the "Federation metadata address" field and press next. This should be enough to setup all the needed configuration, even though you will get a notice about some metadata fields being ignored, which you can ignore.

3.3 Claims

These claims serve as mappings between ADFS and SAML "fields", and are accessible trough the "Edit Claim Rules..." entry.

3.3.1 LDAP attributes

Create an "Issuance Transform Rule", of type "Send LDAP Attributes as Claims" with the fields you need to pass back to the SP. Some are preset and defined in the metadata, but you can add custom ones: In this example UPN and Email are using the set schema, while DisplayName is custom:


3.3.2 Incoming Claim

This is needed to map the SAML "Name ID" with the LDAP "UPN". Create another "Issuance Transform Rule", of type "Transform an Incoming Claim":


3.4 Testing the authentication

At this point, you should be able to authenticate against the Federated login. Before going any further, make sure this is working, by navigating to https://drupal-sp.example.com/simplesaml/ and following the "Test authentication sources" under the "Authentication tab".

After login in and being redirected, the simplesaml library will conveniently expose the attributes we added in the Claim rules, with their value:


These fields are the ones the Drupal component is going to use for mapping with the user entity.

4. Drupal 4.1 The simplesamlphp_auth module

Now is the time to "drush en simplesamlphp_auth" ! Once the module is enabled, you will need to specify the ID of the authentication source, the user properties mapping from the LDAP attibutes, and you have a couple of options regarding how users will use Federated login over local Drupal login. You can do this through the UI, or capture in settings.php as follow:

<?php /** * @group SimpleSAML */ // The id of our authentication definition, // found in the config.php file at point 2.3 // above. $conf['simplesamlphp_auth_authsource'] = 'example-drupal-sp'; // Absolute path to the simplesamlphp library. $conf['simplesamlphp_auth_installdir'] = '/var/www/drupal-sp.master/www/sites/all/libraries/simplesamlphp-1.14.8'; // Field mappings. $conf['simplesamlphp_auth_mailattr'] = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'; $conf['simplesamlphp_auth_unique_id'] = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'; $conf['simplesamlphp_auth_user_name'] = 'DisplayName'; // Main activate/desactivate federated login switch. $conf['simplesamlphp_auth_activate'] = 1; // Allow/Disallow users to login with local Drupal account. $conf['simplesamlphp_auth_allowdefaultlogin'] = 1; // An array of roles than can login with a local Drupal account. // Leave empty doe 'all' $conf['simplesamlphp_auth_allowdefaultloginroles'] = array(); // An array of user uids than can login with a local Drupal account. $conf['simplesamlphp_auth_allowdefaultloginusers'] = array(); // Allow local password changes. $conf['simplesamlphp_auth_allowsetdrupalpwd'] = 0; // Overrides local roles (implies role mapping, // that is not covered in this article). $conf['simplesamlphp_auth_rolepopulation'] = '';

At this point, congrats, you are done ! Navigating as anonymous to https://drupal-sp.example.com/saml_login should redirect you to your Federated login portal, then back to Drupal where you will be logged in.

You can either add a link pointing to this on the login form if you are planning to mix local/federated login, or take over the login process enterly by redirecting it to this path.

4.2 Multi-environment setup

Chances are you are using several environments (dev/stage/uat/prod or however you name then) and want to use different endpoints foreach one. By default, the authsources and metadata settings are all keyed by ids, but some of the settings would all be shared in the $config array from your config.php file. You have several options to split those and use a different setup per environment, our choice is based on Drupal's settings.php. The reason is that it is fairly common to have this file environment-specific already, through symlinks, includes, etc. as part of whatever CI tool you are using.

4.2.1 config.php

Copy your simplesaml config.php to config.$ENV.php, eg config.dev.php for your dev environement. Then, replace the content of the main config.php with the following snippet, that will source Drupal settings.php file for an "environment" variable.

<?php   /* * Environment switcher for SimpleSAMLphp * */   // Session management. if (!ini_get('session.save_handler')) { ini_set('session.save_handler', 'file'); } // Grab per environment settings. if (!defined('EXAMPLE_DRUPAL_ROOT')) { define('EXAMPLE_DRUPAL_ROOT', substr(__DIR__, 0, strpos(__DIR__, '/sites/all/libraries/simplesamlphp-1.14.8/config'))); define('EXAMPLE_DRUPAL_SETTINGS_LOCAL_FILE', EXAMPLE_DRUPAL_ROOT . '/sites/default/settings.php'); } // This is defined in Drupal's settings.php file. global $example_simplesamlphp_environment; // Need to include the bootstrap file as it contains // some constants settings.php relies on. if (!defined('DRUPAL_CORE_COMPATIBILITY')) { require_once EXAMPLE_DRUPAL_ROOT . '/includes/bootstrap.inc'; } require_once EXAMPLE_DRUPAL_SETTINGS_LOCAL_FILE; require_once __DIR__ . '/config.'.$example_simplesamlphp_environment.'.php'; 4.3 settings.php

On the Drupal side of things, you can specify the environment to use, which will result in simplesaml loading the $config array from the matching config.$ENV.php file.

<?php // Be sure to pick a name that cannot conflict with // another variable. global $example_simplesamlphp_environment; $example_simplesamlphp_environment = 'dev'; // Pick the matching authentication endpoint for // this environment in authsources.php. $conf['simplesamlphp_auth_authsource'] = 'example-dev-sp'; BlogEnsuring data security BlogService Resilience and public vs private cloud BlogUnderstanding HSTS BlogPaaS versus managed servers - quality of resource

Direct .mp3 file download.

David Thompson (dbt102), consultant with Function 1, and maintainer of the BACnet and AppCtrl modules (used for building energy management) joins Mike on this first podcast of 2017.

Interview DrupalEasy News Three Stories Sponsors Picks of the Week Upcoming Events Follow us on Twitter Five Questions (answers only)
  1. Bikram Yoga
  2. BACnet advanced workstation with Web Control
  3. Presenting at DrupalCon
  4. Emu
  5. Understanding the value of CCK
Intro Music Subscribe

Subscribe to our podcast on iTunes, Google Play or Miro. Listen to our podcast on Stitcher.

If you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our contact page.

User Experience as it relates to Content Management Systems tends to overlook its most important users: Content Editors & Administrators.